[FW-1] Tool for viewing external audit log file
Hi, there are audit log files (and maybe also normal traffic logs) which are stored on a disk, and I have to open them, which SmartView Tracker doesn't seem to help with. Are there any tools or methods for that?

Regards

Scanned by Check Point Total Security Gateway.

=
To set vacation, Out-Of-Office, or away messages, send an email to lists...@amadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist nomail
=
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=
If you have any questions on how to change your subscription options, email fw-1-ow...@ts.checkpoint.com
=
[FW-1] Georg Schwab is out of the office.
I will be out of the office from 29.07.2011. I will return on 01.08.2011. In urgent cases, please contact Mr. Andreas Brandauer (andreas.branda...@rvs.at) or Mr. Christian Moser (christian.mo...@rvs.at). I will reply to your message after my return.

This message and any attached files are only for information purposes. E-Mail is not used for the exchange of legally binding statements.
Re: [FW-1] getting information about rule creations from audit logs
Hi,

Many thanks. Here the added 'security_rule' is the clue to look for for a new rule creation.

Regards

2011/6/29 Alexey Baltacov drongt...@gmail.com:
> Hi,
>
> Rule modification is shown the following way (in R65):
>
> Number: 11264
> Date: 29Jun2011
> Time: 9:02:38
> Application: SmartDashboard
> Subject: Object Manipulation
> Operation: Modify Object
> Type: Log
> Object Type: firewall_policy
> Performed On: Standard
> Changes:
>   UID = {8E7D9D25-757B-4CA4-956B-623D0A559264}
>   Section Title 18 UID = {B893952E-ED77-4BA0-B9A7-98179F744D09} state: changed from 'collapsed' to 'expanded'
>   Rule 159: added 'security_rule' - UID = {2950150B-9A7E-438A-9929-BFC280D3488C} Source: Lync_DMZ Destination: Any VPN: Any Service: domain-tcp Action: accept Install On: Cluster_IL
> Administrator: alexey
> Client: MANGIL1-VM
> Client IP: MGMT-IL (172.30.10.25)
> Object Table: fw_policies
> Operation Number: 1
> Origin: FW1-IL
> Uid: {8E7D9D25-757B-4CA4-956B-623D0A559264}
>
> So you should search for the relevant UID in the Changes field of the audit logs.
> Please be sure you are searching in the correct logs (by date).
>
> On Wed, Jun 29, 2011 at 9:21 AM, pkc mls pkc_...@yahoo.fr wrote:
>> On 27/06/2011 10:49, a bv wrote:
>>> Hi list,
>>
>> Hi a
>>
>>> I have some rules on the firewall and I have to find out who created the specific rules (numbers given) and when. Audit logs on SmartView Tracker are not so easily understandable, so I wanted to ask the list for the best way.
>>
>> I'm afraid it's the only way for you to trace back what has been done.
>> Which version are you running?
>> Looks like the 'create rule' doesn't exist in the operation list; you can search when the objects that are used by this rule were created.
>> You can also ask the firewall admins to comment what they do (there is a comment column in the firewall rulebase).
>
> --
> Sincerely,
> Alexey Baltacov drongt...@gmail.com | Tel: +972-504989954
Re: [FW-1] getting information about rule creations from audit logs
There are logs for some logs which say added security_rule, but not for all of them. And exactly the rules I found seem not to exist? Strange.

Regards

2011/7/29 a bv vbavbal...@gmail.com:
> Hi,
>
> Many thanks. Here the added 'security_rule' is the clue to look for for a new rule creation.
>
> Regards
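The search Alexey describes in the thread (find `added 'security_rule'` in the Changes field and key on the rule's UID), as an added example that is not code from any poster or from Check Point. It assumes the audit records are available as text with one "Field: value" per line; that layout, the second record and the function names are assumptions.

```python
import re

# Constructed input: the record quoted in the thread, abridged and laid out one
# field per line, followed by an invented record (11265) that adds no rule.
AUDIT_TEXT = """\
Number: 11264
Date: 29Jun2011
Time: 9:02:38
Performed On: Standard
Changes: UID = {8E7D9D25-757B-4CA4-956B-623D0A559264} Rule 159: added 'security_rule' - UID = {2950150B-9A7E-438A-9929-BFC280D3488C} Source: Lync_DMZ Destination: Any Service: domain-tcp Action: accept
Administrator: alexey

Number: 11265
Date: 30Jun2011
Time: 10:15:02
Performed On: Standard
Changes: UID = {8E7D9D25-757B-4CA4-956B-623D0A559264} Section Title 18 state: changed from 'expanded' to 'collapsed'
Administrator: example_admin
"""

FIELD = re.compile(r"^([A-Za-z][A-Za-z ]*?):\s*(.*)$")
# The UID is the stable key; the rule number is only the rule's position at that time.
ADDED = re.compile(r"Rule (\d+): added 'security_rule' - UID = (\{[0-9A-Fa-f-]{36}\})")

def parse_records(text):
    """Split on blank lines; each 'Field: value' line becomes a dict entry."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (FIELD.match(line.strip()) for line in block.splitlines())
        records.append({m.group(1): m.group(2) for m in pairs if m})
    return records

def rule_creations(records):
    """One entry per added rule: who added it, when, and its UID."""
    found = []
    for rec in records:
        for number, uid in ADDED.findall(rec.get("Changes", "")):
            found.append({"uid": uid.upper(), "rule_number_then": int(number),
                          "date": rec.get("Date"), "time": rec.get("Time"),
                          "administrator": rec.get("Administrator"),
                          "policy": rec.get("Performed On")})
    return found

def who_created(text, uid):
    """Look a rule up by UID (case-insensitive) across all records in text."""
    return [c for c in rule_creations(parse_records(text)) if c["uid"] == uid.upper()]

if __name__ == "__main__":
    print(rule_creations(parse_records(AUDIT_TEXT)))
```
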